[Pki-devel] patch for review - https://bugzilla.redhat.com/show_bug.cgi?id=739708

Ade Lee alee at redhat.com
Mon Sep 26 15:40:52 UTC 2011


https://bugzilla.redhat.com/show_bug.cgi?id=739708 - pki-selinux lacks
rules in F16

This patch adds two of the three rules.  

The remaining one:
allow pki_ca_t unreserved_port_t:tcp_socket name_connect;

is still under investigation.  I have no idea why tomcat would be trying to
connect to an ephemeral port (and I have not been able to reproduce on my
system).  As far as I can tell, this happens on startup on Alexander's system
-- but it does not affect the startup of the server.

I'll keep looking for it.

Please review.

Ade


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix.patch
Type: text/x-patch
Size: 909 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20110926/bc66b62f/attachment.bin>


More information about the Pki-devel mailing list